You are quite correct - and I certainly believe we should explore certificate
based authentication.
Access control is more of a challenge - as far as I am aware (but I am probably
wrong) there is no widely accepted mechanism for certificate based access
control.
"Carl Kugler/Boulder/IBM" <kugler@us.ibm.com> on 08/21/2000 02:09:47 PM
To: ifx@pwg.org
cc: (bcc: Paul Moore/AUCO/US)
Subject: IFX> draft-moore-qualdocs-protocol-00.txt
<!--StartFragment-->7 Security considerations
QD presents an interesting challenge of balancing security and
openness. Many of the envisaged uses of QD require confidentiality of
the data . at the same time the receiver typically has no prior
knowledge of the sender or the sending user. This last point will
normally rule out all user-based authentication and access control.
<!--EndFragment-->
Comment: I don't think the receiver's lack of knowledge of the sender
necessarily rules out all user-based authentication. Authentication is
"the act of verifying the claimed identity of an individual,
station or originator".
Client-side certificates could be used for this. I think it's useful,
because it would allow one to set up a Printer that is publicly, but not
anonymously, accessible.
-Carl
This archive was generated by hypermail 2b29 : Mon Aug 21 2000 - 17:33:54 EDT